Mac Corner: Computer Security — It's your responsibility

By Larry Grinnell, Palm Beach Phoenix Apple Users Group

It’s easy to be lulled into a false sense of security where computer use is concerned. We don’t tend to think of all the bad things that could happen to our data if a virus attacked our computer or if somehow, a “bad guy” got into our computer and stole or erased our data.

Most large businesses are very aware of these threats, probably because they have experienced attacks from outside their firewall, and even worse, from within. Without controls and proper security measures, a single disgruntled employee can do serious harm to vital corporate records, databases, applications, email, websites, HR records, and more. More about that in a bit. First, let’s talk about external threats and how to defend your networks and services.

Make certain that every link to the outside world goes through a firewall. A firewall uses sophisticated software to block unwanted data from entering the site. Most consumer-grade routers, wireless or not, include firewall functionality that does a great job keeping most of the bad guys out, but you have to configure it to take best advantage of its capabilities.

Be sure to read your user’s guide (as a technical writer, I always make this recommendation!), or check the website for your router’s manufacturer to find out how to configure your router for maximum security. Professional-grade firewalls for your wired and wireless networks use additional security measures that are beyond the scope of this article. These usually require the laying of hands by IT professionals to configure and maintain, but could be well worth it if your data is important to you.

As I reported in a previous Mac Corner article, there are steps you need to take to secure your wireless network, too. In fact, for most bad guys, your wireless network is the easiest way to gain access to your networks. Use very strong passwords on your wireless connections and even though it may be a pain, change those passwords every few months.

Okay, that’s your electronic barrier against outside invaders. Again, even with the best security measures, determined bad guys can still gain access to your network. This is where strong internal security measures can do a good job protecting your data from these external invaders, as well as those previously mentioned disgruntled employees, former or not, who want to cause damage to your network assets.

This is where strong access control to shared resources is vital. I served in the US Air Force for nine years, and the thing that was repeatedly beaten into my skull was the definition of access to classified material, which has very valid parallels to securing your own computer networks. There are three criteria for accessing classified information, which you should consider implementing for your shared data:

Security Clearance (Official Use Only, Confidential, Secret, Top Secret: how could your company be damaged if this information were lost, destroyed, or exposed to the public?)
Need to Know (do you really need access to that information to perform your job?)
Proper Identification (are you who you say you are?)

With these criteria in mind, it then depends upon the size of your network and how many people have access to shared information. Proper file server software, be it Apple’s Snow Leopard Server, or Windows Server 2008 (or earlier versions), or the many iterations of Linux, permits you to set up access at user and/or group levels.

If you have a small workgroup of, say, fewer than five people, you can probably set up access to shared resources on an individual level. This means that when you log on to your network, you are granted complete access only to those parts of the server for which you have been granted specific access. This access can be configured so you can read and write (copy or move files in and out of the server), read-only (view on the server and copy to your local computer), or have no access at all.

If you have more than five individuals accessing shared information, you should consider setting up groups. A group is a collection of trusted users who have been granted access to specific information. You can set up multiple groups with combinations of users, depending upon their need to know. For example, you might have a group called Financial for those who need to access company finances, another group might be Marketing, and another Operations, and so on.

This compartmentalizes access to your information so no single individual, no matter how well-trusted, can gain access to everything.
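One way to check this compartmentalization on a file server that uses POSIX permission bits, as an added example that is not part of the original column: the script compares each department folder against the access level intended for its group and flags any folder that users outside the group can reach. The `audit_shares` helper, the policy table and the "Scratch" folder are assumptions made for illustration, and servers that rely on ACLs need a separate check.

```python
import os
import stat
import tempfile

# Access levels from the column, expressed as POSIX group permission bits.
GROUP_LEVELS = {
    "read-write": stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP,
    "read-only": stat.S_IRGRP | stat.S_IXGRP,
    "none": 0,
}
OTHER_BITS = stat.S_IRWXO  # any access for users outside the owning group


def audit_shares(root, policy):
    """Return (folder, problem) findings for each department folder under root.

    policy maps folder name -> intended group access level (hypothetical table).
    """
    findings = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not os.path.isdir(path) or os.path.islink(path):
            continue
        if name not in policy:
            findings.append((name, "no policy defined"))
            continue
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode & OTHER_BITS:
            findings.append((name, "accessible to users outside the group"))
        if mode & stat.S_IRWXG != GROUP_LEVELS[policy[name]]:
            findings.append((name, "group access differs from " + policy[name]))
    return findings


def demo():
    """Build a constructed share tree with two deliberate mistakes and audit it."""
    policy = {"Financial": "read-write", "Marketing": "read-write",
              "Operations": "read-only"}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in [("Financial", 0o770), ("Marketing", 0o775),
                           ("Operations", 0o770), ("Scratch", 0o700)]:
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod after mkdir so umask cannot alter the bits
        return audit_shares(root, policy)


if __name__ == "__main__":
    for folder, problem in demo():
        print(f"{folder}: {problem}")
```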

Now you have your external network access under control, and have limited access to your internal network. If someone outside does get into your internal network, they will still have to work very hard to gain access to your file servers because everything has been secured behind passwords. Authorized individuals within your network only have access to the information they need to perform their job.

Three last things:

What is your data worth to you? In a word (or three), back it up! Make sure you have backups of the contents of your server. Preferably two backups: one on-site so you can quickly restore lost or corrupt data, and another stored off-site.

Make sure you have good anti-virus and anti-malware software running on both your desktop and laptop machines, as well as your file server. Make sure your email server is similarly protected. With a small company, it might be better just to outsource your email to a third party that has the resources to protect your email from viruses and other attacks.

Use good passwords (at least eight characters, combining upper-case letters, lower-case letters, numbers, and special characters), and require them to be changed every three to six months.

To learn more about computer security from an expert in the field, check out the website of an old friend of mine, Dr. Rick Smith, who has published two books on the topic of internet security.

EDITOR'S NOTE: Readers are welcome to comment on this or any Mac Corner columns by visiting the Palm Beach Phoenix blog as well as by writing the editor of Palm Beach

Mac Corner runs every Wednesday only in Palm Beach

About Larry Grinnell: Larry has been working with Macintosh and Windows PCs for over 25 years and worked as a senior technical writer and IT support professional for a major midwest-based consumer electronics and telecommunications equipment manufacturer here in South Florida. His musings on a wide variety of topics from computers to jazz guitar to strange foreign cars from the 1950s can be viewed at the website.

Writers of this column are members of the Palm Beach Phoenix Apple User Group, a nonprofit organization for Apple Computing Device Users, recognized by Apple Inc., with the purpose of providing educational training and coaching to its members (students, professionals and seniors alike) in a cordial social environment. The club meets the second Saturday (1-4 p.m.) and fourth Wednesday (6-8 p.m.) of each month at the Fire Station #2, 4301 Dixie Highway in West Palm Beach (just two blocks south of Southern Boulevard).

DECEMBER 30, 2009
Delray's Online Business and Community Newspaper